]>
Commit | Line | Data |
---|---|---|
2c789c82 | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
2c789c82 BM |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-ecparam - EC parameter manipulation and generation |
2c789c82 BM |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
10 | B<openssl ecparam> | |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-inform> B<DER>|B<PEM>] |
13 | [B<-outform> B<DER>|B<PEM>] | |
14 | [B<-in> I<filename>] | |
15 | [B<-out> I<filename>] | |
2c789c82 BM |
16 | [B<-noout>] |
17 | [B<-text>] | |
18 | [B<-C>] | |
19 | [B<-check>] | |
ac2b52c6 | 20 | [B<-check_named>] |
e8769719 | 21 | [B<-name> I<arg>] |
fc1d88f0 | 22 | [B<-list_curves>] |
e8769719 RS |
23 | [B<-conv_form> I<arg>] |
24 | [B<-param_enc> I<arg>] | |
2c789c82 | 25 | [B<-no_seed>] |
2c789c82 | 26 | [B<-genkey>] |
018aaeb4 | 27 | {- $OpenSSL::safe::opt_engine_synopsis -} |
9fcb9702 | 28 | {- $OpenSSL::safe::opt_r_synopsis -} |
6bd4e3f2 | 29 | {- $OpenSSL::safe::opt_provider_synopsis -} |
2c789c82 | 30 | |
9f3c076b | 31 | =for openssl ifdef engine |
1738c0ce | 32 | |
2c789c82 BM |
33 | =head1 DESCRIPTION |
34 | ||
d1eec097 P |
35 | This command has been deprecated. |
36 | The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands | |
37 | should be used instead. | |
38 | ||
2c789c82 BM |
39 | This command is used to manipulate or generate EC parameter files. |
40 | ||
777182a0 RS |
41 | OpenSSL is currently not able to generate new groups and therefore |
42 | this command can only create EC parameters from known (named) curves. | |
43 | ||
2c789c82 BM |
44 | =head1 OPTIONS |
45 | ||
46 | =over 4 | |
47 | ||
169394d4 MR |
48 | =item B<-help> |
49 | ||
50 | Print out a usage message. | |
51 | ||
777182a0 | 52 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> |
2c789c82 | 53 | |
777182a0 RS |
54 | The input and formats; the default is B<PEM>. |
55 | See L<openssl(1)/Format Options> for details. | |
2c789c82 | 56 | |
777182a0 | 57 | Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279. |
2c789c82 | 58 | |
e8769719 | 59 | =item B<-in> I<filename> |
2c789c82 BM |
60 | |
61 | This specifies the input filename to read parameters from or standard input if | |
62 | this option is not specified. | |
63 | ||
e8769719 | 64 | =item B<-out> I<filename> |
2c789c82 BM |
65 | |
66 | This specifies the output filename parameters to. Standard output is used | |
67 | if this option is not present. The output filename should B<not> be the same | |
68 | as the input filename. | |
69 | ||
70 | =item B<-noout> | |
71 | ||
72 | This option inhibits the output of the encoded version of the parameters. | |
73 | ||
74 | =item B<-text> | |
75 | ||
76 | This option prints out the EC parameters in human readable form. | |
77 | ||
78 | =item B<-C> | |
79 | ||
80 | This option converts the EC parameters into C code. The parameters can then | |
35cb565a | 81 | be loaded by calling the get_ec_group_XXX() function. |
2c789c82 BM |
82 | |
83 | =item B<-check> | |
84 | ||
85 | Validate the elliptic curve parameters. | |
86 | ||
ac2b52c6 NT |
87 | =item B<-check_named> |
88 | ||
89 | Validate the elliptic name curve parameters by checking if the curve parameters | |
37f03b98 | 90 | match any built-in curves. |
ac2b52c6 | 91 | |
e8769719 | 92 | =item B<-name> I<arg> |
2c789c82 BM |
93 | |
94 | Use the EC parameters with the specified 'short' name. Use B<-list_curves> | |
95 | to get a list of all currently implemented EC parameters. | |
96 | ||
97 | =item B<-list_curves> | |
98 | ||
35a810bb | 99 | Print out a list of all currently implemented EC parameters names and exit. |
2c789c82 | 100 | |
2f0ea936 | 101 | =item B<-conv_form> I<arg> |
2c789c82 BM |
102 | |
103 | This specifies how the points on the elliptic curve are converted | |
ab0a3914 MC |
104 | into octet strings. Possible values are: B<compressed>, B<uncompressed> (the |
105 | default value) and B<hybrid>. For more information regarding | |
2c789c82 BM |
106 | the point conversion forms please read the X9.62 standard. |
107 | B<Note> Due to patent issues the B<compressed> option is disabled | |
108 | by default for binary curves and can be enabled by defining | |
109 | the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time. | |
110 | ||
e8769719 | 111 | =item B<-param_enc> I<arg> |
2c789c82 BM |
112 | |
113 | This specifies how the elliptic curve parameters are encoded. | |
114 | Possible value are: B<named_curve>, i.e. the ec parameters are | |
35ed393e | 115 | specified by an OID, or B<explicit> where the ec parameters are |
1bc74519 | 116 | explicitly given (see RFC 3279 for the definition of the |
2c789c82 | 117 | EC parameters structures). The default value is B<named_curve>. |
aebb9aac | 118 | B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279, |
2c789c82 BM |
119 | is currently not implemented in OpenSSL. |
120 | ||
121 | =item B<-no_seed> | |
122 | ||
123 | This option inhibits that the 'seed' for the parameter generation | |
124 | is included in the ECParameters structure (see RFC 3279). | |
125 | ||
126 | =item B<-genkey> | |
127 | ||
35ed393e | 128 | This option will generate an EC private key using the specified parameters. |
2c789c82 | 129 | |
018aaeb4 | 130 | {- $OpenSSL::safe::opt_engine_item -} |
2c789c82 | 131 | |
9fcb9702 RS |
132 | {- $OpenSSL::safe::opt_r_item -} |
133 | ||
6bd4e3f2 P |
134 | {- $OpenSSL::safe::opt_provider_item -} |
135 | ||
2c789c82 BM |
136 | =back |
137 | ||
2c789c82 BM |
138 | =head1 EXAMPLES |
139 | ||
35eb4588 P |
140 | Examples equivalent to these can be found in the documentation for the |
141 | non-deprecated L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands. | |
142 | ||
2c789c82 BM |
143 | To create EC parameters with the group 'prime192v1': |
144 | ||
627bd670 | 145 | openssl ecparam -out ec_param.pem -name prime192v1 |
2c789c82 BM |
146 | |
147 | To create EC parameters with explicit parameters: | |
148 | ||
627bd670 | 149 | openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit |
2c789c82 BM |
150 | |
151 | To validate given EC parameters: | |
152 | ||
627bd670 | 153 | openssl ecparam -in ec_param.pem -check |
2c789c82 BM |
154 | |
155 | To create EC parameters and a private key: | |
156 | ||
627bd670 | 157 | openssl ecparam -out ec_key.pem -name prime192v1 -genkey |
2c789c82 BM |
158 | |
159 | To change the point encoding to 'compressed': | |
160 | ||
627bd670 | 161 | openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed |
2c789c82 BM |
162 | |
163 | To print out the EC parameters to standard output: | |
164 | ||
627bd670 | 165 | openssl ecparam -in ec_param.pem -noout -text |
2c789c82 BM |
166 | |
167 | =head1 SEE ALSO | |
168 | ||
b6b66573 | 169 | L<openssl(1)>, |
d1eec097 P |
170 | L<openssl-pkeyparam(1)>, |
171 | L<openssl-genpkey(1)>, | |
b6b66573 DMSP |
172 | L<openssl-ec(1)>, |
173 | L<openssl-dsaparam(1)> | |
2c789c82 | 174 | |
d1eec097 P |
175 | =head1 HISTORY |
176 | ||
177 | This command was deprecated in OpenSSL 3.0. | |
178 | ||
e2f92610 RS |
179 | =head1 COPYRIGHT |
180 | ||
d1eec097 | 181 | Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 182 | |
449040b4 | 183 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
184 | this file except in compliance with the License. You can obtain a copy |
185 | in the file LICENSE in the source distribution or at | |
186 | L<https://www.openssl.org/source/license.html>. | |
187 | ||
188 | =cut |